Security & Trust Center

Your source for essential documents and answers to common vendor risk and security questions.
GDPR Compliant
SOC2 Type II Compliant
SSPA Compliant
SOC 2 AttestationDownload to view the attestation letter for our completed a SOC 2 Type II audit.
Service Level Agreement (SLA)Understand our commitments to availability, support response time, and issue resolution.
Data Processing Agreement (DPA)Understand our commitments to availability, support response time, and issue resolution.

Frequently asked questions

Data Security & Privacy

Analytics data is stored in a location selected by the customer—currently New York (US), Amsterdam (Netherlands), or Sydney (Australia). Our global infrastructure is geo-distributed and operates on an anycast network. For more information, please visit our Network Map

We minimize data collection. We only require basic account information (email, org name). If Analytics is enabled, we log DNS queries and metadata (e.g. source IP, hostname, MAC address if the agent is installed). See Log Reference

All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.

Yes. You can delete all Analytics (DNS log) data at any time via the Dashboard.

Yes, in two optional features:

  • A support chatbot powered by OpenAI's API (optional; logs retained for 90 days)
  • A machine learning malware filter, enabled only when "Strict" mode is turned on. No customer data is used for training.
More info: Malware Filter Docs

Access & Authentication

Yes. Admins can enforce:

  • Unique logins
  • MFA
  • Role-based access controls

Compliance & Certifications

Yes, Control D achieved SOC 2 Type II compliance in June 2025, with auditors ensuring that the company has top-tier internal security protocols to protect all sensitive data.

Yes, for more information on how Control D facilitates GDPR compliance, please refer to our blog post on the topic.

Yes. Control D meets Microsoft’s Supplier Security and Privacy Assurance (SSPA) requirements, confirming our adherence to Microsoft’s Data Protection Requirements (DPR) for safeguarding sensitive and high business impact data. Our compliance is reviewed and attested through the SSPA program.

AI Transparency

No. Customer data is never used to train our AI systems.

We strive for accuracy, and while AI models can sometimes generate incorrect information or "hallucinations", our support chatbot is designed to minimize these occurrences. For our malware filter, false positives are a possibility, but administrators have full control over its aggressiveness settings to ensure optimal performance.

GeneralAbout UsPricingPersonal UseFree DNSHelpPrivacyTermsSecurity & Trust
FeaturesMalware BlockingWeb FilteringService FilteringCustom FilteringModern ProtocolsAnalyticsData Streaming (SIEM)Traffic RedirectionMulti-TenancyAdmin LogsIntegrations
IndustriesStart-UpsSmall BusinessesPublic Wi-FiEducationHospitalityMSPsNon-ProfitsFaith Based Orgs
ResourcesKnowledge BaseAPI DocsBlogNetworkChangelogStatusSupport
SOC Certified
© 2025 CONTROLD, Inc.